| Oracle® Retail POS Suite Security Guide Release 14.1 E54480-01 |
|
 Previous |
 Next |
In general, securing a register requires retailers to take the following actions:
Control physical and electronic access to the systems which handle sensitive data.
Provide regularly scheduled auditing of network and network component activity.
Deactivate unnecessary operating system components and securely configure those that remain active.
Protecting Oracle Retail Point-of-Service data on the network is accomplished through the use of multiple security techniques. This is sometimes referred to as a Defense in Depth strategy, where each security technique helps to mitigate the risk of one component of the defense being compromised or circumvented. Depending upon the business and technological needs of each retailer, obtaining and maintaining PCI-DSS certification will likely require the use of the following suggested security-related practices for operating a network securely:
Segment the network—The physical network is composed of isolated parts, divided along the different security and management needs of individual applications.
The network configuration should include a private network for Oracle Retail Point-of-Service, making it impossible to connect to the Internet.
Control access to routers and switches—Create a platform-specific minimum configuration standard for all routers and switches that follow suggested industry security-related practices for security and performance.
Utilize firewalls—Hardware firewalls should utilize explicit rules tuned to the services and ports needed by the applications served by the network.
Secure the wireless network—Enforce encryption and require certificate-based authentication.
Control physical access to networks and network devices.
Use a centralized system for authentication and authorization that provides each user with unique and strongly-protected credentials.
Obscure the purpose of network resources through the use of naming conventions.
Implement a strategy for monitoring and auditing network access and activity.
Steps should be taken to harden the operating system on which the Oracle Retail Point-of-Service software is run. The process of locking-down the operating system is different for each operating system. In general, the unique needs of the retailer involve the following suggested security-related practices for securing the register system:
Validate system integrity
Install virus protection
Apply any missing operating system patches
Disable unnecessary components and configure remaining components
Secure the desktop
Physically secure equipment, cables, and system housings
There is no point in locking-down a system if its security has already been compromised. For this reason, it is important to validate that the system is free of viruses and rootkits. A trustworthy rootkit detection tool should be used to ensure the integrity of the system. Similarly, anti-virus software should be used to scan and protect the system.
Unfortunately, operating system vendors must continually patch their products against newly discovered vulnerabilities. Retailers must monitor announcements of security updates and patches and follow procedures to keep registers up-to-date.
In most cases, the default out-of-the-box configuration of an operating system includes services and access rules that greatly exceed those required to support the functions of a typical register. Removing unnecessary services and limiting the authority of the remaining services, in addition to closing open ports, reduces the attack surface of the register.
There are a number of resources available on the Internet for hardening Windows and SUSE Linux. One source in particular is The Center for Internet Security, which provides baseline security settings for locking-down a system. For more information, see the following web site:
Having a secure desktop means users are unable to execute unauthorized applications, and are prevented from gaining unauthorized access to system objects and files.
Both Microsoft Windows Embedded POSReady 2009 and IBM SLEPOS present different opportunities and challenges for securing the desktop. In general, retailers should take steps to ensure that the users of the Oracle Retail Point-of-Service client can only access that application.
On Microsoft Windows Embedded POSReady 2009, customization of Group Policy and Registry settings can be used to securely lockdown the desktop. Alternatively, there are many third-party utilities that can perform this function.
On SLEPOS, the following should be done to secure the Linux desktop:
Replace the default windows manager with the Oracle Retail Point-of-Service client.
Disable keystroke combinations (that is, CTRL-ALT-BACKSPACE) in X-Windows and registers that would permit a user to gain access to the command prompt on a logged on register.
The Mobile Point-of-Service client physical device should be carefully protected by the merchant. If an unauthorized person tries to use a store's device, the authentication process should provide protection against unauthorized use.
There are several layers of protection against an unauthorized mobile device obtaining a connection to the server and acting as a mobile client:
The host IP address and port number would have to be known.
The device would have to gain access to the wireless network, which should be secured.
The device would have to have the Mobile Point-of-Service software installed and configured.
The server only allows access to devices with a known Apple Unique Device Identifier (UDID) or Android Device ID.
The user would have to know a valid user ID and password to log in to the application.
Retailers must take precautions to ensure that any user with malicious intent cannot gain physical access to networks and devices. All equipment involved in the Oracle Retail Point-of-Service activity must be physically secured, including cables and equipment housings. Oracle Retail Point-of-Service registers must be configured to automatically lock when left alone, and must require a password, that conforms to the password policy guidelines, to unlock the register.
Oracle Retail Point-of-Service systems must routinely be audited for signs of compromise. Processes and procedures must exist to detect the installation and execution of unauthorized routines. Application and operating system logs should be fully utilized. Determining the cause of a compromise is extremely difficult without system activity details.
